Internet Service Providers in Mumbai targeted in DDoS attack

Internet service providers (ISPs) in Mumbai are being targeted in a distributed denial of service attack (DDoS), said to be India’s largest ever attack, and also the world’s largest attack against ISPs. The attack is of a huge magnitude of 200 gigabytes per second. This is the reason behind the recent slowing down of the internet experienced by users around Mumbai. In a first, an FIR was filed against the DDoS attack with the Mumbai police.

What is a DDoS attack?

Most websites are designed to handle a certain amount of traffic at a given time. A denial of service attack will bombard the websites with requests, overloading the website until its server crashes, thus denying access of the website to legitimate users. A distributed denial of service attack is the same attack on a much larger scale, using a large number of computers infected with malware, known as a botnet, to overload the website.

In the present case, the DDoS attack is being conducted against the ISPs themselves, preventing legitimate internet access to all of the ISP’s customers. The motive behind the current attack is unknown, which can range from anything between blackmail, disrupting a competitor or just miscreants having fun. The effects on the ISPs can be quite harmful, losing customer loyalty being the primary one.

Increasing number of DDoS attacks around the world

All around the world, DDoS attacks have been on a rise. Most recent were the attacks on the Pokemon Go servers and the websites of the US Library of Congress. In fact, hackers have threatened to take Pokemon Go offline on August 1st through a DDoS attack. The reason for this rise is that DDoS attacks are very easy to conduct. The earlier effort required in creating a botnet is also no longer required, since botnets are now available for hire and on sale. Symantec reports a price range of between USD 10 to 1000 per day for acquiring such botnets on the cyber black market. In fact, botnets-for hire were reported to be responsible for almost 40% of the DDOS attacks in 2015.

Combating the DDoS attack

Fighting a DDoS attack is not easy. The Mumbai police are reported to be blocking out the IP addresses from which the requests are originating in the current attack. However, since these IP addresses belong to the botnet, it does not block out the actual perpetrator, who will be controlling them remotely. In fact, the easy availability of botnets gives the cybercriminal the ability to combat preventive measures by putting more and more infected computers at work on the attack. Another method is to make more hardware and bandwidth available, in order toallow legitimate users to enter. This is one of the few methods which temporarily mitigates the flood of requests. This option, however, is only available to larger ISPs. This is probably why the favoured targets in the current Mumbai attacks are small and medium sized ISPs, who do not have the infrastructure and resources to combat the attack.

DDoS attacks can last for a few hours, to weeks, to even months. Inevitably, they only stop when the perpetrator decides to stop. Finding an effective solution to this is urgent.

Indian laws inadequate for international investigation

The real problem, however, arises with finding the perpetrator. The requests being sent in a DDoS attack involves going through routers, and the investigative process gets more complicated with every new router involved, which are usually several in number. Additionally, the botnet need not be entirely in India. Even if the botnet is entirely in India, chances are that the perpetrator himself is located outside India.

The current Mumbai attack is reported to have originated from Eastern Europe and China. Legally, the Information Technology Act, 2000 and the Indian Penal Code, 1860 are adequately equipped to deal with the situation. Section 43(f) of the IT Act punishes ‘causing denial of access’ to a computer resource. Section 4 of the IPC gives the Indian police the power to act against a person outside India committing a crime against an Indian computer resource.

Though the basic laws are in place, laws enabling investigation overseas and extradition of a criminal from abroad are missing. Such laws are usually in the form of individual treaties between countries or through ratifying multilateral treaties. Existing Indian treaties for investigation and extradition do not include cybercrimes. The Budapest Convention on Cybercrime is at present the only multilateral international convention enabling investigations and extradition w.r.t, cybercrime. India, however, has refused to ratify this Convention, since it was drafted without the involvement of developing countries like India.The result is that despite the fact that a large number of cybercrimes originate outside India, investigation outside India can take any amount of time. The time factor plays a major role in cybercrime investigation, where the evidence is so delicate that it can be deleted or modified in seconds. The result is that though on paper, the laws are in place, practically speaking investigations are difficult.

Investigating and catching the criminals behind this increasing number of cybercrime from abroad is in itself a difficult process, without adding the issue of inadequate laws. Even if the Indian government chooses not to ratify the Budapest Convention, it needs to provide police and cybercrime investigative authorities with an alternative solution to enable international investigation.

The author is a lawyer with a specialisation in cyber laws and has co-authored books on the subject.